BPF, as in Berkeley Packet Filter, was initially conceived in 1992 to provide a way to filter packets and to avoid useless packet copies from kernel to userspace. It initially consisted of a simple bytecode that is injected from userspace into the kernel, where it is checked by a verifier (to prevent kernel crashes or security issues) and attached to a socket, then run on each received packet. It was ported to Linux a couple of years later and used for a small number of applications (tcpdump, for example).

I received some malspam on 03/22/18 that contained two .doc file attachments. The subject of the email was “Order 2018-048 & 049, Please Confirm”. The attached exploit documents were named similarly to the subject of the email, “PO2018-048.doc” and “PO 2018-049.doc”.

When launched with any of these it calls the advpack.dll!RegInstallW function, passing it one of the section names (RegExe or UnregExe respectively) that are defined in the .inf file embedded directly in the regedit.exe binary:

We all know them, we all use them every day: context menus. These are the handy little windows that appear when you right-click on content and let you pick from a wide variety of options for interacting with the data in front of you. They look slightly different from one application or operating system to the next, but the basic idea stays the same.

This vulnerability was discovered by Google's OSS-Fuzz project and fixed by Matt Caswell of the OpenSSL development team. It affects OpenSSL releases prior to 1.0.2o and 1.1.0h. Based on the OpenSSL team's assessment it cannot be triggered via SSL/TLS, but constructed ASN.1 types that support recursive definitions, such as PKCS7, can be used to trigger it.

Microsoft released a tool on Monday to help Linux aficionados port their favorite Linux distro to run on the Windows Subsystem for Linux (WSL), a Windows 10 component that sideloads Linux distros onto modern Windows 10 PCs.

One of the first things an attacker will do when reverse engineering a mobile application is to bypass the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protection to gain better insight into how the application works and how it communicates with its server.

A .htaccess file is a per-directory configuration file for the Apache web server. Dropping one into a directory lets you override parts of the server configuration for that directory and everything below it, enabling or disabling functionality and features without touching the main server configuration, to the extent that the enclosing AllowOverride setting permits.
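The following is an added example, not from the original article: a hardening .htaccess for a web document root. It assumes Apache 2.4 syntax (Require rather than Order/Allow), that the enclosing vhost's AllowOverride permits these directive groups (a directive that is not allowed makes Apache answer 500 for the whole directory), and that mod_alias, mod_headers and mod_rewrite are loaded.

```apache
# Added example, not from the original article. Assumes Apache 2.4,
# AllowOverride covering Options, FileInfo, Limit and AuthConfig,
# and mod_alias, mod_headers, mod_rewrite loaded.

# Never let the server list a directory that has no index file.
Options -Indexes

# Block direct requests for dotfiles (.htaccess, .htpasswd, .env, ...).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Keep editor and database leftovers out of reach.
<FilesMatch "\.(bak|orig|swp|sql|log)$">
    Require all denied
</FilesMatch>

# FilesMatch only sees file names, so version-control directories need
# a path-based rule; answer 404 rather than 403 to avoid confirming they exist.
<IfModule mod_alias.c>
    RedirectMatch 404 /\.(git|svn|hg)(/|$)
</IfModule>

# Baseline browser-side defences.
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>

# Force HTTPS for everything served under this directory.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
```

Verify the file is actually being honoured before relying on it: request /.htaccess and a non-existent directory and confirm you get 403 and no listing respectively; a silently ignored file (AllowOverride None) fails open.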

Attackers are always looking for new ways to execute files on Windows systems. One trick involves using either AutoIT or AutoHotKey, simple tools that allow users to write small programs for all sorts of GUI and keyboard automation tasks on Windows.

This is a little, naughty trick that achieves persistence in quite an unexpected way. When we talk about the PATH environment variable, we know that we can set it to a specific value using these registry keys:
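As an added defensive check, not part of the original post, the following PowerShell reads the unexpanded PATH value from the two registry keys that hold the machine and user PATH, and flags entries that are missing or writable by low-privileged users, since a directory like that is exactly what a PATH-based persistence or search-order hijack needs. The function names and the list of "low-privileged" SIDs are my own choices; it assumes Windows PowerShell 5.1 or later on the host being audited.

```powershell
# Added example, not code from the original post: audit the machine and user
# PATH values stored in the registry for entries an attacker could plant a
# binary in. Assumes Windows PowerShell 5.1 or later on the host being audited.

$pathKeys = [ordered]@{
    Machine = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    User    = 'HKCU:\Environment'
}

# Identities whose write access to a PATH directory is a red flag (my choice).
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)

function Test-LowPrivWritable {
    param([Parameter(Mandatory)][string]$Directory)
    $writeBits = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                 [System.Security.AccessControl.FileSystemRights]::CreateDirectories
    foreach ($ace in (Get-Acl -LiteralPath $Directory).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # unresolvable identity: skip rather than guess
        if (($lowPrivSids -contains $sid) -and ($ace.FileSystemRights -band $writeBits)) {
            return $true
        }
    }
    return $false
}

function Get-PathAudit {
    foreach ($scope in $pathKeys.Keys) {
        $key = Get-Item -LiteralPath $pathKeys[$scope] -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        # Read the raw REG_EXPAND_SZ so %VAR% references stay visible in the report.
        $raw = $key.GetValue('Path', '', 'DoNotExpandEnvironmentNames')
        foreach ($entry in ($raw -split ';' | Where-Object { $_.Trim() })) {
            $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim())
            if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
                $status = 'MISSING: whoever can create it owns this PATH slot'
            } elseif (Test-LowPrivWritable -Directory $dir) {
                $status = 'WRITABLE by low-privileged users'
            } else {
                $status = 'ok'
            }
            [pscustomobject]@{ Scope = $scope; Entry = $entry; Resolved = $dir; Status = $status }
        }
    }
}

Get-PathAudit | Format-Table -AutoSize
```

Run it from an elevated prompt so the machine key is readable; entries that resolve through %VAR% references are worth a second look, because whoever controls that variable controls the directory.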

As a systems administrator you're surely no stranger to Windows® Management Instrumentation (WMI), which gives you access to a wealth of management information and allows you to automate administrative tasks. To take full advantage of WMI you have to write queries to extract the information you need. And if you don't have the ready-made queries already floating around in your head, you just might want to take the WMI Code Creator for a spin.
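As an added example, not from the article or generated by WMI Code Creator, here are three hand-written WQL queries of the kind a security-minded administrator ends up writing, run through the CIM cmdlets. They assume Windows PowerShell 3.0 or later (where Get-CimInstance is available) and a normal Windows client or server.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 3.0+.

# 1. Autostart entries registered through the Run keys and Startup folders.
#    Win32_StartupCommand is a standard CIMv2 class; Location tells you which
#    key or folder the entry came from.
Get-CimInstance -Query "SELECT Name, Command, Location, User FROM Win32_StartupCommand" |
    Select-Object Name, Command, Location, User

# 2. Interpreter processes with their full command line and parent PID.
#    Filtering in WQL keeps the work inside the provider instead of the pipeline.
$query = "SELECT ProcessId, ParentProcessId, Name, CommandLine FROM Win32_Process " +
         "WHERE Name = 'powershell.exe' OR Name = 'cmd.exe' OR Name = 'wscript.exe'"
Get-CimInstance -Query $query |
    Select-Object ProcessId, ParentProcessId, Name, CommandLine

# 3. Permanent WMI event subscriptions: a filter bound to a consumer in
#    root\subscription survives reboots and is a classic persistence location.
Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding |
    Select-Object Filter, Consumer
```

The third query normally returns nothing on a workstation; any binding you did not create yourself deserves a look at the referenced __EventFilter query and the consumer's CommandLineTemplate or ScriptText.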

Today I discovered that, while everyone knows one can use the c:\WINDOWS\system32\drivers\etc\hosts file to introduce static entries to the DNS resolver, there is one more file that can be utilized for this purpose.

By now it’s obvious that data security technology hasn’t kept pace with the needs of consumers. In 2017 alone, we learned about massive data breaches from major organizations like Equifax, Uber, and Verizon. In other words: We’re in the midst of a data breach epidemic.

Formbook is a form-grabber and stealer malware written in C and x86 assembly language. It is sold as a ready-made product that cyber-criminals with no malware-development skills of their own can use.

In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, penetration testing, web application penetration testing and other InfoSec related subjects.

Here's the tl;dr - someone named "Md. Shofiur R" found troyhunt.com on a "free online malware scanner" and tried to scare me into believing my site had security vulnerabilities then shake me down for a penetration test. It didn't work out so well for him, here's the blow-by-blow account of things then I'll add some more thoughts afterwards:
